Ionic-native: @ionic-native\secure-storage 4.2.1 secureDevice() method is inaccessible when device is not secure

Created on 4 Sep 2017  路  5Comments  路  Source: ionic-team/ionic-native

I'm submitting a ...
[ x] bug report
[ ] feature request

Current behavior:

If device is not properly secured when instantiating SecureStorage, it will reject with _Device not secure_ error. Any developer would then like to direct the user to the screen-lock page of the device to apply screen lock. Secure storage pagkage has a method exactly for that - secureDevice(). PROBLEM: secureDevice() method is in SecureStorageObject's instance which already rejected because device was not secure.
What is happening is SecureStorage raises an error that device is not secure but does not provide any means of directing user to the screen-lock page. Yes it has secureDevice() method which does exactly that but this method is unreachable in case your device is not secure which is counterintuitive. If users device is secure then you could access secureDevice() without problems but there's no need to.

Expected behavior:
The secureDevice() method should be on SecureStorage class in order to be accessible when calling .create() method on it if it rejects.

Steps to reproduce:

import { SecureStorage, SecureStorageObject } from '@ionic-native/secure-storage';
import { Component, OnInit } from '@angular/core';

@Component({
    selector: 'example-page',
    templateUrl: './example.page.html'
})
export class ExamplePage implements OnInit {
    private secureStorageStore: SecureStorageObject = null;
    private deviceSecure = false;

    constructor (private secureStorage: SecureStorage) {
    }

    async ngOnInit () {
        try {
            this.secureStorageStore = await this.secureStorage.create('ExampleStore'); // Rejects, because device does not have screen lock
            this.deviceSecure = true;
            // Device is secure, can save credentials.
        } catch (err) {
            // Device is not secure, trying to direct user to screen-lock page
            this.deviceSecure = false;

            try {
                await this.secureStorageStore.secureDevice(); // OOPS ERROR: Cannot read property 'secureDevice' of null
                this.deviceSecure = true; // We never get here because secureDevice is undefined on this.secureStorageStore
                console.log('Device is now secured!');
            } catch (err) {
                this.deviceSecure = false;
                console.log('User did not apply sufficient security measures!');
            }
        }
    }
}

Other information:
@ionic-native\secure-storage type definition file also specifies that secureDevice() is on SecureStorageObject which is inaccessible if device is not secure.

picture Writech
👍7

Most helpful comment

Same issue right here, any update on this?

picture joanroig on 1 Oct 2018
👍3

All 5 comments

Just noticed this issue today as well, very counter-intuitive.

JamieWritesCode picture JamieWritesCode on 27 Sep 2017

Also mentioned #1626 and #1625.

JamieWritesCode picture JamieWritesCode on 28 Sep 2017

I have a temporary fix for this see:
https://stackoverflow.com/questions/46520464/ionic-secure-storage-ask-the-user-to-set-a-lock-screen/46583135#46583135

Hope it helps someone, I have tested this fix on android 4 till 8. However no guarantee :)

RobAben picture RobAben on 5 Oct 2017

Hi, is there a fix for this or is it necessary to modify the plugin?

oezpeda picture oezpeda on 25 Jul 2018
👍3

Same issue right here, any update on this?

joanroig picture joanroig on 1 Oct 2018
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

FdezRomero picture FdezRomero  路  4Comments
mateo666 picture mateo666  路  3Comments
ghost picture ghost  路  3Comments
kyleap picture kyleap  路  4Comments
ajcrites picture ajcrites  路  3Comments